The dark side of Pokemon Go

By ​Anna Robaton

July 13, 2016 / 8:21 AM
/ MoneyWatch

Moneywatch Headlines

The wildly successful release of Pokemon Go hasn't exactly been all fun and games. The new, "augmented reality" smartphone game, in which players try to capture cute digital monsters overlaid on real-world settings, has already spawned its share of problems and controversy.

Police have had to warn the public about the dangers of playing the game while driving, and some distracted players have reportedly wiped out as they wandered public places in search of Pokemon. In Missouri, four men committed a string of robberies by targeting their victims through the game, CBS affiliate KMOV reported.

Now, some experts are raising privacy concerns about the game, which became the most downloaded iPhone app following its rollout last week and has already been installed on more than 5 percent of all Android devices.

"Pokemon Go" app collecting data from users

In the game's initial release, iPhone users could sign in by creating an account or through their Google (GOOG) accounts. The latter option reportedly gave Niantic, Pokemon's developer, full access to players' Google accounts, meaning the company could access their Gmail, Google Drive files, photos and videos stored in Google Photos and other content.

"You were giving [Niantic] permission, at least in theory to crawl into every aspect of your Google world," said Adam Levin, founder and chairman of consulting firm IDT911 and author of "Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves."

If Niantic were to get hacked, all the information it collects would be up for grabs, he noted.

"We, as consumers, give away far too much access to our information," warned Levin. "This is America: Give away whatever you want to give away, but just understand what it is you're giving away and the ramifications" of your decisions.

"We are living in a world where breaches have become the third certainty in life," he added.

Niantic, which was spun out of Google in 2015, responded on Monday to criticism over privacy concerns by releasing a statement that it "recently discovered" the "account creation process on iOS erroneously requests full access permission for the user's Google account."

The company said it has been "working on a client-side fix to request permission for only basic Google profile information," specifically user IDs and email addresses, "in line with the data we actually access."

The growing privacy concerns surrounding the game have not only led some consumers to uninstall the free app but also caught the attention of lawmakers. On Tuesday, Sen. Al Franken, D-Minnesota, sent a letter to Niantic posing questions to clarify how the company will handle user information.

In their rush to join the Pokemon Go craze, many consumers, said Levin, have overlooked privacy considerations. In addition, some have been duped into downloading "clone" apps from third parties. Such apps could infect their devices with malware and make would-be Pokemon monster catchers vulnerable to identity theft and phishing scams, he said.

With any app, he added, "consumers should make sure they're downloading a legitimate app. It's important to know where an app is coming from and understand exactly what you are giving permission to" when it comes to access to personal information.